Integrate the OAuth Resource Owner Password Grant

This topic describes the Java SDK OAuth Resource Owner Password Grant flow integration.

Overview

In this flow, the client application provides its own user interface in which the user enters their credentials and grants access to resources. It should only be used in highly privileged client applications, such as native applications running on an OS.

Before you begin

Integrate the SDK

Follow the steps below to use this SDK to get the access_token.

Step 1: Configure an OAuthClient instance using the Java SDK

  • Import the SDK as specified in the Before you get started section.
  • Pass the required parameters to create an OAuthClient instance.
import com.cyberark.client.OAuthClient;

// provide confidential client details for client_id and client_secret
OAuthClient oauthClient = new OAuthClient(YOUR_TENANT_URL, YOUR_OAUTH_APPLICATION_ID, YOUR_CONFIDENTIAL_CLIENT_ID, YOUR_CONFIDENTIAL_CLIENT_SECRET);

Step 2: Get the tokens

Using the oauthClient instance call the following builder methods and execute the request to receive tokens.

TokenHolder tokenHolder = oauthClient.requestTokenWithPassword(YOUR_USER_ID, YOUR_USER_PASSWORD)
    .setGrantType("password")
    .setScope(YOUR_SCOPE)
    .execute();
{
  access_token: "YOUR_ACCESS_TOKEN",
  refresh_token: "YOUR_REFRESH_TOKEN",
  expires_in: 18000,
  scope: "all",
  token_type: "Bearer"
}

Common Methods

For common methods, such as refreshToken, revokeToken and claims, refer to CyberArk Identity Java SDK reference.